When we see that large companies dedicated to computer security are also victims of hacker attacks, we come to the conclusion that no one is safe.
Malwarebytes is one of the largest security companies in the world. Their software helps prevent threats on the Internet from reaching your computer, and their analysis has already shown that they have great resources in this sector.
Now the US firm reports that they suffered a hacker attack by the same group that attacked IT software company SolarWinds last year.
The attack is unrelated to the SolarWinds attack, as the company does not use any SolarWinds software on its internal network, but they have detected that the same group breached their internal systems through an inactive email protection product within the Office 365 platform exists in their infrastructure.
Malwarebytes said it learned of the intrusion from the Microsoft Security Response Center (MSRC) on Dec. 15, which detected suspicious activity coming from the inactive Office 365 security application.
At the time of the attack, Microsoft was auditing its Office 365 and Azure infrastructures for signs of malicious applications created by the SolarWinds hackers. When they identified the attack, Malwarebytes began an internal investigation to determine what the hackers accessed.
Apparently they only had access to a limited subset of internal company emails. They performed a very thorough audit of all their products and their source code, and found no threats in any product, internal or external, so the software we have installed on our computers has not been affected.
Malwarebytes is already the fourth major security vendor to be attacked by the same group (after FireEye, Microsoft and CrowdStrike), which U.S. officials have linked to a Russian government cyber-espionage operation.